Credential Stuffing Attack Technique — Automated Account Takeover Using Stolen Credentials
Technical explanation of credential stuffing, an attack technique in which threat actors replay username and password pairs stolen from one breach against the login endpoints of other services, relying on users having reused the same password across accounts, to gain unauthorized access to those accounts at scale.
Watering Hole Attack Technique — Targeted Compromise of Websites Used by Victims
Technical explanation of watering hole attacks, a technique in which threat actors compromise websites frequently visited by a target group in order to infect visitors with malware.
Drive-By Compromise — Web-Based Malware Delivery
Drive-by compromise is an attack technique where malicious code is delivered to victims simply by visiting a compromised or malicious website, often exploiting browser vulnerabilities.
Drive-By Download Attack Technique — Silent Malware Delivery Through Compromised Websites
Technical explanation of drive-by download attacks, a technique in which malware is silently delivered to victims when they visit compromised or malicious websites.
Exploit Kit Attack Technique — Automated Delivery of Exploits Through Web Infrastructure
Technical explanation of exploit kits, toolkits hosted on compromised or attacker-controlled web infrastructure that fingerprint a visitor's browser and plugins, select an exploit for an unpatched vulnerability, and deliver a malware payload without user interaction.
Browser Exploitation — Web-Based Attack Techniques
Browser exploitation refers to attacks that target vulnerabilities in web browsers, plugins, or browser components to execute malicious code, steal credentials, or deliver malware to victims.
Living-off-the-Land Attack Technique — Abuse of Legitimate System Tools for Malicious Operations
Technical explanation of the Living-off-the-Land attack technique, where threat actors use legitimate system tools and utilities to conduct malicious operations while avoiding detection.
User Execution — Attacks Requiring User Interaction
User execution is an attack technique where malicious actions occur after a victim opens a file, runs a program, or clicks a link that triggers malware execution.
Remote Access Abuse — Exploiting Remote Access Tools
Remote access abuse refers to attackers using legitimate remote access services such as RDP, VPN, or remote administration tools, often with valid but stolen or guessed credentials, to gain and maintain unauthorized system access without needing a software vulnerability.
Credential Harvesting Attack Technique — Theft of Authentication Credentials
Technical explanation of credential harvesting, an attack technique used by threat actors to steal authentication credentials and gain unauthorized access to systems and networks.
Lateral Movement Attack Technique — Expanding Access Within Compromised Networks
Technical explanation of lateral movement, an attack technique used by threat actors to expand access across enterprise networks after initial compromise.
Domain Hijacking Attack Technique — Unauthorized Control of Registered Internet Domains
Technical explanation of domain hijacking, an attack technique in which threat actors obtain unauthorized control over registered domain names in order to redirect traffic, conduct phishing campaigns, or distribute malware.
Privilege Escalation Attack Technique — Gaining Elevated Access in Compromised Systems
Technical explanation of privilege escalation, an attack technique used by threat actors to obtain higher levels of access within compromised systems and enterprise networks.
Credential Dumping Attack Technique — Extracting Authentication Data from Compromised Systems
Technical explanation of credential dumping, an attack technique used by threat actors to extract stored authentication credentials from compromised systems in order to escalate privileges and move laterally within enterprise networks.
DNS Poisoning Attack Technique — Manipulating Domain Name Resolution to Redirect Victims
Technical explanation of DNS poisoning attacks, a technique in which attackers inject forged DNS responses into a resolver or client cache so that a legitimate domain name resolves to attacker-controlled infrastructure and users are redirected without their knowledge.
Phishing Attack Technique — Credential Theft and Initial Access Method
Technical explanation of phishing, a social engineering attack technique used to trick users into revealing credentials or executing malicious content.
Data Exfiltration Attack Technique — Unauthorized Transfer of Sensitive Information
Technical explanation of data exfiltration, an attack technique used by threat actors to transfer sensitive information from compromised systems to external infrastructure under attacker control.
Session Hijacking Attack Technique — Unauthorized Takeover of Active User Sessions
Technical explanation of session hijacking, an attack technique in which threat actors take control of an active authenticated session, typically by stealing or predicting its session token, to gain unauthorized access to systems and applications without knowing the victim's password.
Persistence Attack Technique — Maintaining Access to Compromised Systems
Technical explanation of persistence, an attack technique used by threat actors to maintain long-term access to compromised systems and networks that survives reboots, credential changes, and removal of the initial intrusion vector.
Command and Control (C2) Attack Technique — Remote Management of Compromised Systems
Technical explanation of command and control infrastructure, an attack technique used by threat actors to communicate with compromised systems and coordinate malicious operations.
Defense Evasion Attack Technique — Avoiding Detection by Security Systems
Technical explanation of defense evasion, an attack technique used by threat actors to bypass or disable security controls in order to remain undetected within compromised systems.
Initial Access Attack Technique — Gaining the First Foothold in Target Systems
Technical explanation of initial access techniques used by threat actors to gain the first foothold within target systems or enterprise networks.
Zero-Day Exploit Attack Technique — Exploiting Vulnerabilities Before Security Patches Exist
Technical explanation of zero-day exploits, an attack technique in which threat actors exploit software vulnerabilities that are unknown to the vendor or not yet patched, so that no fix or detection signature is available to defenders at the time of exploitation.
Malware Delivery Attack Technique — Distributing Malicious Software to Target Systems
Technical explanation of malware delivery techniques used by threat actors to distribute malicious software through email, compromised websites, and other intrusion vectors.
Reconnaissance Attack Technique — Information Gathering Before and During Intrusions
Technical explanation of reconnaissance, an attack technique used by threat actors to gather information about target systems, networks, and users prior to or during cyber intrusion campaigns.
Supply Chain Attack Technique — Compromising Trusted Software or Service Providers
Technical explanation of supply chain attacks, a technique in which threat actors compromise trusted software vendors, service providers, or development pipelines in order to distribute malicious code to downstream organizations.
Man-in-the-Middle Attack Technique — Intercepting and Manipulating Network Communications
Technical explanation of man-in-the-middle attacks, a technique in which attackers intercept and potentially modify communications between systems in order to steal data or manipulate interactions.
Brute Force Attack Technique — Systematic Credential Guessing to Gain Unauthorized Access
Technical explanation of brute force attacks, an authentication abuse technique in which attackers systematically attempt large numbers of password combinations to gain unauthorized access to accounts or systems.
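The credential stuffing and brute force entries above describe two authentication abuses that look similar in raw login failures but differ in shape: stuffing tries one stolen pair per account across many accounts and succeeds only where a password was reused, while brute force hammers one or two accounts with many guesses. The following is an added example, not code from the original page or any project it describes, showing per-source detection logic that separates the two. The log format, field names, thresholds, IP addresses (RFC 5737 documentation ranges) and user names are constructed assumptions for illustration.

```python
"""Per-source heuristics that separate credential stuffing from brute force
in authentication logs. Added example: the log format, field names and
thresholds below are assumptions for illustration, not from the page."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample log (RFC 5737 documentation addresses, invented users).
# Assumed format: "<timestamp> ip=<source> user=<account> result=<success|failure>"
SAMPLE_LOG = """\
2024-05-01T10:00:00Z ip=203.0.113.7 user=alice result=success
2024-05-01T10:00:01Z ip=203.0.113.7 user=bob result=success
2024-05-01T10:00:02Z ip=203.0.113.7 user=carol result=failure
2024-05-01T10:00:03Z ip=203.0.113.7 user=dave result=failure
2024-05-01T10:00:04Z ip=203.0.113.7 user=erin result=failure
2024-05-01T10:00:05Z ip=203.0.113.7 user=frank result=failure
2024-05-01T10:00:06Z ip=203.0.113.7 user=grace result=failure
2024-05-01T10:00:07Z ip=203.0.113.7 user=heidi result=failure
2024-05-01T10:00:08Z ip=203.0.113.7 user=ivan result=failure
2024-05-01T10:00:09Z ip=203.0.113.7 user=judy result=failure
2024-05-01T10:01:00Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:01Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:02Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:03Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:04Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:05Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:06Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:07Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:08Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:01:09Z ip=198.51.100.9 user=admin result=failure
2024-05-01T10:02:00Z ip=192.0.2.5 user=olivia result=failure
2024-05-01T10:02:30Z ip=192.0.2.5 user=olivia result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


@dataclass(frozen=True)
class Attempt:
    ts: str
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[Attempt]:
    """Parse log lines into Attempt records; blank or malformed lines are skipped."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attempts.append(Attempt(m["ts"], m["ip"], m["user"], m["result"] == "success"))
    return attempts


def classify_sources(attempts, min_attempts=10, failure_ratio=0.7,
                     stuffing_min_users=8, bruteforce_max_users=2):
    """Label each source IP by the shape of its authentication traffic.

    credential_stuffing: many distinct accounts, each tried about once, mostly
      failing (one stolen pair per account; successes indicate password reuse).
    brute_force: many attempts against one or two accounts, mostly failing.
    normal: everything else, including sources below min_attempts.
    Thresholds are assumed starting points and should be tuned per environment.
    """
    per_ip = defaultdict(list)
    for a in attempts:
        per_ip[a.ip].append(a)
    report = {}
    for ip, evs in per_ip.items():
        total = len(evs)
        failures = sum(1 for e in evs if not e.ok)
        users = {e.user for e in evs}
        label = "normal"
        if total >= min_attempts and failures / total >= failure_ratio:
            if len(users) >= stuffing_min_users and total / len(users) <= 2:
                label = "credential_stuffing"
            elif len(users) <= bruteforce_max_users:
                label = "brute_force"
        report[ip] = {"label": label, "attempts": total, "failures": failures,
                      "distinct_users": len(users),
                      "successes": sorted(e.user for e in evs if e.ok)}
    return report


def compromised_accounts(report) -> set[str]:
    """Accounts that authenticated from a source labelled credential_stuffing:
    these are the reused passwords to reset and the sessions to revoke."""
    return {u for r in report.values()
            if r["label"] == "credential_stuffing" for u in r["successes"]}


if __name__ == "__main__":
    rep = classify_sources(parse_log(SAMPLE_LOG))
    for ip, r in sorted(rep.items()):
        print(ip, r)
    print("compromised:", sorted(compromised_accounts(rep)))
```

The split is deliberate: the two labels call for different responses. A brute force source is handled by lockout or rate limiting on the targeted account, whereas a stuffing source has already succeeded wherever a password was reused, so the successes matter more than the failures and the accounts in `compromised_accounts` need a forced reset and session revocation, not just a block on the IP.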